CI Variables

omnibus-gitlab CI pipelines use variables provided by the CI environment to change build behavior between mirrors and keep sensitive data out of the repositories.

Check the table below for more information about the various CI variables used in the pipelines.

Build variables

Required:

These variables are required to build packages in the pipeline.

Environment VariableDescription
AWS_SECRET_ACCESS_KEYAccount secret to read/write the build package to a S3 location.
AWS_ACCESS_KEY_IDAccount ID to read/write the build package to a S3 location.

Available:

These additional variables are available to override or enable different build behavior.

Environment VariableDescription
AWS_MAX_ATTEMPTSMaximum number of times an S3 command should retry.
USE_S3_CACHESet to any value and Omnibus will cache fetched software sources in an s3 bucket. Upstream documentation.
CACHE_AWS_ACCESS_KEY_IDAccount ID to read/write from the s3 bucket containing the s3 software fetch cache.
CACHE_AWS_SECRET_ACCESS_KEYAccount secret to read/write from the s3 bucket containing the s3 software fetch cache.
CACHE_AWS_BUCKETS3 bucket name for the software fetch cache.
CACHE_AWS_S3_REGIONS3 bucket region to write/read the software fetch cache.
CACHE_AWS_S3_ENDPOINTThe HTTP or HTTPS endpoint to send requests to, when using s3 compatible service.
CACHE_S3_ACCELERATESetting any value enables the s3 software fetch cache to pull using s3 accelerate.
SECRET_AWS_SECRET_ACCESS_KEYAccount secret to read the gpg private package signing key from a secure s3 bucket.
SECRET_AWS_ACCESS_KEY_IDAccount ID to read the gpg private package signing key from a secure s3 bucket.
GPG_PASSPHRASEThe passphrase needed to use the gpg private package signing key.
CE_MAX_PACKAGE_SIZE_MBThe max package size in MB allowed for CE packages before we alert the team and investigate.
EE_MAX_PACKAGE_SIZE_MBThe max package size in MB allowed for EE packages before we alert the team and investigate.
DEV_GITLAB_SSH_KEYSSH private key for an account able to read repositories from dev.gitlab.org. Used for SSH Git fetch.
BUILDER_IMAGE_REGISTRYRegistry to pull the CI Job images from.
BUILD_LOG_LEVELOmnibus build log level.
ALTERNATIVE_SOURCESSwitch to the custom sources listed in https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/.custom_sources.yml Defaults to true.
OMNIBUS_GEM_SOURCENon-default remote URI to clone the omnibus gem from.
QA_BUILD_TARGETBuild specified QA image. See this MR for details. Defaults to qa.
GITLAB_ASSETS_TAGTag of the assets image built by the build-assets-image job in the gitlab-org/gitlab pipelines. Defaults to $GITLAB_REF_SLUG or the gitlab-rails version.
BUILD_ON_ALL_OSBuild all OS images without using manual trigger if set to true.

Test variables

Environment VariableDescription
RAT_REFERENCE_ARCHITECTUREReference architecture template used in pipeline triggered by RAT job.
RAT_FIPS_REFERENCE_ARCHITECTUREReference architecture template used in pipeline triggered by RAT:FIPS job.
RAT_PACKAGE_URLURL to fetch regular package - for RAT pipeline triggered by RAT job.
RAT_FIPS_PACKAGE_URLURL to fetch FIPS package - for RAT pipeline triggered by RAT job.
RAT_TRIGGER_TOKENTrigger token for the RAT pipeline.
RAT_PROJECT_ACCESS_TOKENProject access token for triggering a RAT pipeline.
OMNIBUS_GITLAB_MIRROR_PROJECT_ACCESS_TOKENProject access token for building a test package.
CI_SLACK_WEBHOOK_URLWebhook URL for Slack failure notifications.
DANGER_GITLAB_API_TOKENGitLab API token for dangerbot to post comments to MRs.
DEPS_GITLAB_TOKENToken used by dependencies.io to create MRs.
DEPS_TOKENToken used by CI to auth to dependencies.io.
DOCS_API_TOKENToken used by CI to trigger a review-app build of the docs site.
MANUAL_QA_TESTVariable used to decide if the qa-subset-test job should be played automatically or not.

Release variables

Required:

These variables are required to release packages built by the pipeline.

Environment VariableDescription
STAGING_REPORepository at packages.gitlab.com where releases are uploaded prior to final release.
PACKAGECLOUD_USERPackagecloud username for pushing packages to packages.gitlab.com.
PACKAGECLOUD_TOKENAPI access token for pushing packages to packages.gitlab.com.
LICENSE_S3_BUCKETBucket for storing release license information published on the public page at https://gitlab-org.gitlab.io/omnibus-gitlab/licenses.html.
LICENSE_AWS_SECRET_ACCESS_KEYAccount secret to read/write from the S3 bucket containing license information.
LICENSE_AWS_ACCESS_KEY_IDAccount ID to read/write from the S3 bucket containing license information.
GCP_SERVICE_ACCOUNTUsed to read/write metrics in Google Object Storage.
DOCKERHUB_USERNAMEUsername used when pushing the Omnibus GitLab image to Docker Hub.
DOCKERHUB_PASSWORDPassword used when pushing the Omnibus GitLab image to Docker Hub.
AWS_ULTIMATE_LICENSE_FILEGitLab Ultimate license to use the Ultimate AWS AMIs.
AWS_PREMIUM_LICENSE_FILEGitLab Premium license to use the Ultimate AWS AMIs.
AWS_AMI_SECRET_ACCESS_KEYAccount secret for read/write access to publish the AWS AMIs.
AWS_AMI_ACCESS_KEY_IDAccount ID for read/write access to publish the AWS AMIs.
AWS_MARKETPLACE_ARNAWS ARN to allow AWS Marketplace access our official AMIs.

Available:

These additional variables are available to override or enable different build behavior.

Environment VariableDescription
RELEASE_DEPLOY_ENVIRONMENTDeployment name used for gitlab.com deployer trigger if current ref is a stable tag.
PATCH_DEPLOY_ENVIRONMENTDeployment name used for the gitlab.com deployer trigger if current ref is a release candidate tag.
AUTO_DEPLOY_ENVIRONMENTDeployment name used for the gitlab.com deployer trigger if current ref is an auto-deploy tag.
DEPLOYER_TRIGGER_PROJECTGitLab project ID for the repository used for the gitlab.com deployer.
DEPLOYER_TRIGGER_TOKENTrigger token for the various gitlab.com deployer environments.
RELEASE_BUCKETS3 bucket where release packages are pushed.
BUILDS_BUCKETS3 bucket where regular branch packages are pushed.
RELEASE_BUCKET_REGIONS3 bucket region.
RELEASE_BUCKET_S3_ENDPOINTSpecify S3 endpoint. Especially useful when S3 compatible storage service is adopted.
GITLAB_BUNDLE_GEMFILESet Gemfile path required by gitlab-rails bundle. Default is Gemfile.
GITLAB_COM_PKGS_RELEASE_BUCKETGCS bucket where release packages are pushed.
GITLAB_COM_PKGS_BUILDS_BUCKETGCS bucket where regular branch packages are pushed.
GITLAB_COM_PKGS_SA_FILEService account key used for pushing release packages for SaaS deployments, it must have write access to the pkgs bucket.

Unknown/outdated variables

Environment VariableDescription
VERSION_TOKEN 
TAKEOFF_TRIGGER_TOKEN 
TAKEOFF_TRIGGER_PROJECT 
RELEASE_TRIGGER_TOKEN 
GITLAB_DEV 
GET_SOURCES_ATTEMPTSA GitLab Runner variable used to control how many times runner tries to fetch the Git repository.
FOG_REGION 
FOG_PROVIDER 
FOG_DIRECTORY 
AWS_RELEASE_TRIGGER_TOKENUsed for releases older than 13.10.
ASSETS_AWS_SECRET_ACCESS_KEY 
ASSETS_AWS_ACCESS_KEY_ID 
AMI_LICENSE_FILE